/**
 * 
 */
package com.letoo.dragon.common.utils;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.aliyun.oss.ClientException;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ServerException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.ProtocolType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;

/**
 * 阿里云STS token工具类
 * 
 * @author dengjie
 *
 */
public class AliyunStsTokenUtils {

    private static final Logger LOG = LoggerFactory.getLogger(AliyunStsTokenUtils.class);

    // 目前只有"cn-hangzhou"这个region可用, 不要使用填写其他region的值
    public static final String REGION_CN_HANGZHOU = "cn-hangzhou";
    // 当前 STS API 版本
    public static final String STS_API_VERSION = "2015-04-01";

    public static AssumeRoleResponse assumeRole(String accessKeyId, String accessKeySecret, String roleArn,
            String roleSessionName, ProtocolType protocolType) {
        try {
            // 创建一个 Aliyun Acs Client, 用于发起 OpenAPI 请求
            IClientProfile profile = DefaultProfile.getProfile(REGION_CN_HANGZHOU, accessKeyId, accessKeySecret);
            DefaultAcsClient client = new DefaultAcsClient(profile);
            // 创建一个 AssumeRoleRequest 并设置请求参数
            final AssumeRoleRequest request = new AssumeRoleRequest();
            request.setVersion(STS_API_VERSION);
            request.setMethod(MethodType.POST);
            request.setProtocol(protocolType);
            request.setRoleArn(roleArn);
            request.setRoleSessionName(roleSessionName);
            // 发起请求，并得到response
            final AssumeRoleResponse response = client.getAcsResponse(request);
            return response;
        } catch (ClientException e) {
            LOG.error("AliyunStsTokenUtils assumeRole method:", e);
        } catch (ServerException e1) {
            LOG.error("AliyunStsTokenUtils assumeRole method:", e1);
        } catch (com.aliyuncs.exceptions.ClientException e2) {
            LOG.error("AliyunStsTokenUtils assumeRole method:", e2);
        }
        return null;
    }

    public static void main(String[] args) {
        long beginTime = System.currentTimeMillis();
        // 只有 RAM用户（子账号）才能调用 AssumeRole 接口
        // 阿里云主账号的AccessKeys不能用于发起AssumeRole请求
        // 请首先在RAM控制台创建一个RAM用户，并为这个用户创建AccessKeys
        String accessKeyId = "LTAIhufjCTJaoyuz";
        String accessKeySecret = "9HyA0QkI1fwgowXQb2jV41ef3uE7qU";
        // AssumeRole API 请求参数: RoleArn, RoleSessionName, Policy, and DurationSeconds
        // RoleArn 需要在 RAM 控制台上获取
        String roleArn = "acs:ram::1649141791877527:role/aliyunosstokengeneratorrole";
        // RoleSessionName 是临时Token的会话名称，自己指定用于标识你的用户，主要用于审计，或者用于区分Token颁发给谁
        // 但是注意RoleSessionName的长度和规则，不要有空格，只能有'-' '_' 字母和数字等字符
        // 具体规则请参考API文档中的格式要求
        String roleSessionName = "xiaobaibai-001";
        // 此处必须为 HTTPS
        ProtocolType protocolType = ProtocolType.HTTPS;
        try {
            final AssumeRoleResponse response = assumeRole(accessKeyId, accessKeySecret, roleArn, roleSessionName,
                    protocolType);
            LOG.info("Expiration: " + response.getCredentials().getExpiration());
            LOG.info("Access Key Id: " + response.getCredentials().getAccessKeyId());
            LOG.info("Access Key Secret: " + response.getCredentials().getAccessKeySecret());
            LOG.info("Security Token: " + response.getCredentials().getSecurityToken());
        } catch (ClientException e) {
            LOG.error(String.format("AliyunStsTokenUtils Failed to get a token.Error code: %s . Error code: %s ",
                    e.getErrorCode(), e.getErrorMessage()));
        }
        long endTime = System.currentTimeMillis();
        System.out.print((endTime - beginTime));
    }

}
